
Repository Firewall Guided Setup

Repository Firewall's guided setup launches automatically when you log in to the IQ Server as an Administrator once your artifact repository is connected to the IQ Server. The guided setup reduces the complexity of setting up Repository Firewall by letting you configure every repository you want to protect from a single workflow.

The guided setup was added to IQ Server in version 168 and is compatible with Nexus Repository Pro 3.60+ and the Firewall for Artifactory plugin version 2.4.8+.

Guided Setup disabled by default

As of IQ release 182, the Repository Firewall guided setup is disabled by default. Use the following property with the Feature Configuration REST API to enable the guided setup.

internalFirewallOnboardingEnabled

The guided setup is currently intended only to run once for each connected repository manager. Resetting the guided setup is not available at this time.

Connecting your artifact repository

Connect your artifact repository to your instance of IQ Server.

Use the following steps for Nexus Repository 3 Pro:

  1. Log in to the Nexus Repository 3 Pro instance with administrator access

  2. Select the administration cog from the main menu

  3. Select IQ Server from the Administration section of the side menu

  4. Complete the IQ Server setup form

    1. Select the Enable the Use of IQ Server box

    2. Add your IQ Server URL

    3. Select an authentication method

      1. User Authentication: enter the IQ Server username and password

      2. PKI Authentication: delegate to the JVM for authentication

    4. Select Save

  5. Select Verify Connection to test the configuration

Note

We recommend using a service account when connecting Nexus Repository to the IQ Server in production environments. Consider generating user tokens as an added layer of security.

At a minimum, this account requires access to the Evaluate Individual Components permission at the Repository Managers level in IQ Server Org and Policies.

Leave the following configuration options blank unless directed by Sonatype support:

  • Properties, Connection Timeout

Use the following steps for Firewall for Artifactory:

  1. Add the IQ Server connection details to the "firewall.properties" file

  2. Alternatively, use the REST API to update the connection details after the plugin has been installed

Steps for the Repository Firewall Guided Setup

The Repository Firewall guided setup is launched by logging in as a user with "Edit IQ Elements" permissions for Repositories in the IQ Server. The setup will guide you through the following series of pages to configure protection:

  1. Enable Repository Firewall Rules

  2. Selecting Proxy Repositories

  3. Selecting Hosted Repositories

  4. Reviewing the Configuration

Step 1: Enable Repository Firewall Rules

This page allows you to enable the following Firewall protections on the Nexus Repository instance. We recommend enabling protection from both supply chain attacks and namespace confusion.

Supply Chain attack protection

  • The selection on this page allows this capability to be enabled on selected proxy repositories

  • The selection of proxy repositories where you wish to apply this capability is done in step 2

Namespace confusion protection

  • The selection on this page allows this capability to be enabled on selected proxy repositories

  • The hosted repositories whose namespaces are used for this protection are selected in step 3

Step 2: Selecting Proxy Repositories

Select the public-facing proxy repositories from which you are proxying open-source components. The selections on this page will enable supply chain attack protection and namespace attack protection on the selected repositories.

Select ‘Continue’ when ready to move to the next step

Step 3: Selecting Hosted Repositories

Select the hosted repositories that contain internal artifacts whose namespaces you want to restrict from public-facing repositories.

Select ‘Continue’ when ready to move to the next step

Step 4: Reviewing the Configuration

Review the configuration, and select 'Launch Firewall'
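
A simplified model of why steps 2 and 3 are separate selections, added here as an example and not taken from Sonatype or the original page: hosted repositories supply the protected namespaces, and the selected proxy repositories are where they are enforced. The repository names, component names and namespace rules are constructed assumptions, not Repository Firewall's actual matching logic.

```python
# Simplified model of namespace confusion protection (illustrative assumption,
# not Repository Firewall's actual matching logic).

def namespace_of(fmt, name):
    """Return the namespace a component name falls under for its ecosystem."""
    if fmt == "npm":
        # Scoped packages (@scope/pkg) share the scope; unscoped names stand alone.
        return name.split("/", 1)[0] if name.startswith("@") else name
    if fmt == "maven":
        # groupId:artifactId -> the groupId is the namespace.
        return name.split(":", 1)[0]
    return name

def protected_namespaces(hosted_repos):
    """Step 3: namespaces claimed by the selected hosted repositories."""
    return {(r["format"], namespace_of(r["format"], c))
            for r in hosted_repos for c in r["components"]}

def evaluate(request, selected_proxies, namespaces):
    """Step 2: enforcement applies only on the selected proxy repositories."""
    if request["repo"] not in selected_proxies:
        return "allow-unprotected"
    key = (request["format"], namespace_of(request["format"], request["name"]))
    return "block" if key in namespaces else "allow"

# Constructed sample data: repository and component names are hypothetical.
HOSTED = [
    {"name": "npm-internal", "format": "npm",
     "components": ["@acme/billing", "acme-build-tools"]},
    {"name": "maven-releases", "format": "maven",
     "components": ["com.acme.payments:ledger"]},
]
SELECTED_PROXIES = {"npm-proxy", "maven-central"}
REQUESTS = [
    {"repo": "npm-proxy", "format": "npm", "name": "@acme/billing-utils"},
    {"repo": "npm-proxy", "format": "npm", "name": "acme-build-tools"},
    {"repo": "npm-proxy", "format": "npm", "name": "left-pad"},
    {"repo": "maven-central", "format": "maven", "name": "com.acme.payments:ledger"},
    {"repo": "npm-proxy-legacy", "format": "npm", "name": "@acme/billing"},
]

if __name__ == "__main__":
    ns = protected_namespaces(HOSTED)
    for req in REQUESTS:
        print(f'{req["repo"]:18} {req["name"]:28} {evaluate(req, SELECTED_PROXIES, ns)}')
```

The last request shows the gap a skipped proxy leaves in this model: an internal name requested through a proxy that was not selected in step 2 is never checked.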